ACK: [SRU][J/F][PATCH 0/2] CVE-2023-52664
Tim Whisonant
tim.whisonant at canonical.com
Thu Apr 10 03:28:55 UTC 2025
On Wed, Apr 09, 2025 at 04:07:46PM +0200, Massimiliano Pellizzer wrote:
> https://ubuntu.com/security/CVE-2023-52664
>
> [ Impact ]
>
> net: atlantic: eliminate double free in error handling logic
>
> Driver has a logic leak in ring data allocation/free,
> where aq_ring_free could be called multiple times on same ring,
> if system is under stress and got memory allocation error.
>
> Ring pointer was used as an indicator of failure, but this is
> not correct since only ring data is allocated/deallocated.
> Ring itself is an array member.
>
> Changing ring allocation functions to return error code directly.
> This simplifies error handling and eliminates aq_ring_free
> on higher layer.
>
> [ Fix ]
>
> Oracular: not affected
> Noble: not affected
> Jammy: backported from mainline
> Focal: backported from mainline
>
> [ Test Plan ]
>
> Compile and boot tested.
> Loaded the atlantic module without errors:
>
> Jammy:
> $ sudo modprobe atlantic
> $ lsmod | grep atlantic
> atlantic 229376 0
> macsec 61440 1 atlantic
> $ sudo dmesg | tail -n 1
> [ 44.137724] MACsec IEEE 802.1AE
>
> Focal:
> $ sudo modprobe atlantic
> $ lsmod | grep atlantic
> atlantic 94208 0
>
> [ Where Problems Could Occur ]
>
> The fix affects the Aquantia Atlantic Ethernet driver.
> An issue with this fix may lead to incorrect assumptions about
> memory allocation success or failure, potentially resulting in
> memory leaks, missed error detection, or unintended deallocation
> sequences. A user might experience problems such as degraded
> network performance, connectivity loss, or kernel crashes
> under high load conditions.
>
>
Acked-by: Tim Whisonant <tim.whisonant at canonical.com>
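
A simplified userspace model of the error-handling pattern the quoted cover letter describes, added here as an illustration; it is not the atlantic driver's code or the patch under review. All names (`ring_setup`, `ring_alloc_old`, `vec_alloc_old`, `vec_alloc_new`, `fail_alloc`) are hypothetical, and the model assumes the lower layer already frees ring data when allocation fails.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified userspace model; all names are hypothetical, not the driver's. */
struct ring { void *data; int free_calls; };
struct vec  { struct ring ring[2]; };  /* rings are array members, never NULL */
static int fail_alloc;  /* constructed fault injection standing in for ENOMEM */

static void ring_free(struct ring *r)
{
    if (r->free_calls++ == 0)  /* count calls; a real second free() would be UB */
        free(r->data);
}
static int ring_setup(struct ring *r)
{
    r->data = malloc(64);
    if (!r->data || fail_alloc) {
        ring_free(r);          /* lower layer cleans up on error */
        return -ENOMEM;
    }
    return 0;
}

/* Before: the ring pointer doubles as the failure indicator. */
static struct ring *ring_alloc_old(struct ring *r) { return ring_setup(r) ? NULL : r; }
static int vec_alloc_old(struct vec *v)
{
    if (!ring_alloc_old(&v->ring[0])) {
        ring_free(&v->ring[0]);  /* higher layer frees the same ring again */
        return -ENOMEM;
    }
    return 0;
}

/* After: the error code is returned directly; only the lower layer frees. */
static int vec_alloc_new(struct vec *v) { return ring_setup(&v->ring[0]); }

/* ring_free() calls seen on one ring when its allocation fails. */
static int free_calls_on_failure(int (*alloc)(struct vec *))
{
    struct vec v = {0};
    fail_alloc = 1;
    alloc(&v);
    return v.ring[0].free_calls;
}

int main(void)
{
    printf("old=%d new=%d\n", free_calls_on_failure(vec_alloc_old), free_calls_on_failure(vec_alloc_new));
    return 0;
}
```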